On Privacy Weaknesses and Vulnerabilities in Software Systems
Abstract for Artifact Evaluation Submission
- Paper title
On Privacy Weaknesses and Vulnerabilities in Software Systems (Technical track)
- Authors
Pattaraporn Sangaroonsilp, Hoa Khanh Dam and Aditya Ghose
- Purpose of the research artifact
We have made the research artifacts publicly available in the replication package named \textbf{``icse2023-paper908-replication-pkg''}. They include all relevant data and outputs produced by every key process in the paper. Those key processes are i) the identification of privacy-related CWE and CVE, ii) the explanatory study on existing privacy software engineering research, well-established data protection regulations and privacy frameworks and additional reputable industry resources, iii) the development of a taxonomy of common privacy threats, iv) the investigation of privacy threats covered in CWE and CVE and v) the proposal of new common privacy weaknesses. This is to ensure transparency and availability of the approaches and processes in our study. The research community can also verify the outputs generated from our processes. In addition, the research community can follow our approaches in other interesting research directions when needed. We believe that these artifacts can also be used to initiate discussions and further work in the community (e.g. new common privacy weaknesses).
- Badge claim
We aim to claim the \textbf{Artifacts Available} badge.
- Technology skills requirements
Reviewers or users of the artifacts are assumed to have a basic level of technology skills as our artifacts do not require any specific or advanced skills/programmes to access and/or run them. They can be accessed using a simple PDF reader (e.g. Adobe Acrobat Reader), a code editor (e.g. Visual Studio Code), Microsoft Excel and a text editor.
- Download information
We have made the artifacts available in the archival repository called \emph{Figshare}. The research artifacts were compressed into a single package file named ``icse2023-paper908-replication-pkg.zip'' which can be publicly accessed and downloaded via \url{https://figshare.com/articles/conference_contribution/icse2023-paper908-replication-pkg/21922731/2} or DOI: \url{https://doi.org/10.6084/m9.figshare.21922731.v2}. To access those artifacts, we first ask users to unzip the downloaded folder. Then, the users will see five folders and four text files.
- Artifact details
The five folders consist of i) accepted-paper, ii) code, iii) common-weakness-proposal, iv) data and v) taxonomy. The details of each folder are explained below.
\textbf{accepted-paper:} this folder contains a file named \emph{icse2023-paper908.pdf} which is a copy of the accepted paper in PDF format.
\textbf{code:} this folder contains a file named \emph{10-calculate-agreement-published.ipynb} which is used to calculate the inter-rater agreement.
\textbf{common-weakness-proposal:} this folder contains a file named \emph{12-RQ3-common-weaknesses.pdf} which includes a list of 11 newly proposed common privacy weaknesses with their detailed description.
\textbf{data:} this folder contains 12 files which are the data and outputs generated from the processes in the paper. The files include a list of research papers that address privacy threats with their metadata, a summary of the number of privacy-related papers in each venue, a summary of the research papers categorised by privacy threat categories, a list of individual rights identified in the study, a list of privacy-related CWE and CVE with their metadata and the results of agreement annotation. The full list of files can be found in the \emph{README.txt} file.
\textbf{taxonomy:} this folder contains a file named \emph{11-Taxonomy-of-privacy-vulnerabilities.png} which is a full taxonomy of privacy vulnerabilities identified in the paper.
The four text files included in the replication package are i) LICENSE.txt, ii) README.txt, iii) REQUIREMENTS.txt and iv) STATUS.txt. They are required for the artifact evaluation submission.
\textbf{LICENSE.txt:} this file identifies the license our artifacts comply with.
\textbf{README.txt:} this file describes all the files in the replication package in more detail. It also associates those files with their relevant sections in the paper. Clear instructions on how to access, view and run the files are provided.
\textbf{REQUIREMENTS.txt:} this file describes the minimum requirements used to open or run the artifacts.
\textbf{STATUS.txt:} this file states the badge we are applying for, which is the Artifacts Available badge, and the reasons the authors believe that the artifact deserves this badge.
- How to cite the artifact
Please use the following citation when making use of the artifacts:
P. Sangaroonsilp, H. K. Dam and A. Ghose, \textit{``icse2023-paper908-replication-pkg''}. figshare, doi: \url{https://doi.org/10.6084/m9.figshare.21922731.v2}.